diff --git a/builtin/providers/openstack/config.go b/builtin/providers/openstack/config.go
index f18465538d67..47ba00f855eb 100644
--- a/builtin/providers/openstack/config.go
+++ b/builtin/providers/openstack/config.go
@@ -2,7 +2,9 @@ package openstack
 import (
 "crypto/tls"
+ "crypto/x509"
 "fmt"
+ "io/ioutil"
 "net/http"
 "github.com/rackspace/gophercloud"
@@ -21,6 +23,7 @@ type Config struct {
 DomainName string
 Insecure bool
 EndpointType string
+ CACertFile string
 osClient *gophercloud.ProviderClient
 }
@@ -51,6 +54,24 @@ func (c *Config) loadAndValidate() error {
 return err
 }
+ if c.CACertFile != "" {
+
+ caCert, err := ioutil.ReadFile(c.CACertFile)
+ if err != nil {
+ return err
+ }
+
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+
+ config := &tls.Config{
+ RootCAs: caCertPool,
+ }
+
+ transport := &http.Transport{TLSClientConfig: config}
+ client.HTTPClient.Transport = transport
+ }
+
 if c.Insecure {
 // Configure custom TLS settings.
 config := &tls.Config{InsecureSkipVerify: true}
diff --git a/builtin/providers/openstack/provider.go b/builtin/providers/openstack/provider.go
index 6d6845acbf59..cb198425e67b 100644
--- a/builtin/providers/openstack/provider.go
+++ b/builtin/providers/openstack/provider.go
@@ -66,6 +66,11 @@ func Provider() terraform.ResourceProvider {
 Optional: true,
 DefaultFunc: envDefaultFuncAllowMissing("OS_ENDPOINT_TYPE"),
 },
+ "cacert_file": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: envDefaultFuncAllowMissing("OS_CACERT"),
+ },
 },
 ResourcesMap: map[string]*schema.Resource{
@@ -108,6 +113,7 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
 DomainName: d.Get("domain_name").(string),
 Insecure: d.Get("insecure").(bool),
 EndpointType: d.Get("endpoint_type").(string),
+ CACertFile: d.Get("cacert_file").(string),
 }
 if err := config.loadAndValidate(); err != nil {
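Review bot: The result of `caCertPool.AppendCertsFromPEM(caCert)` in the new `c.CACertFile` block of loadAndValidate is discarded, so a file holding no parseable PEM certificate yields an empty root pool and every later request fails TLS verification with an error that never mentions the CA file. Check it where the pool is built: `if !caCertPool.AppendCertsFromPEM(caCert) { return fmt.Errorf("no PEM certificates found in %q", c.CACertFile) }`. The `c.Insecure` branch that follows builds its own `tls.Config{InsecureSkipVerify: true}`; its body continues outside the hunk, but if it also assigns `client.HTTPClient.Transport`, setting both options silently drops the CA pool and turns verification off, so either reject the combination or set `RootCAs` and `InsecureSkipVerify` on one shared config. A bare `&http.Transport{TLSClientConfig: config}` also lacks the `Proxy: http.ProxyFromEnvironment` setting that `http.DefaultTransport` carries, which may change behaviour for users behind a proxy if the client previously used the default transport.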
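Review bot: The new `cacert_file` schema entry in Provider() has no documentation, and nothing tells the user that the value is a path to a PEM file rather than the certificate text, or how it interacts with `insecure`. I would add a field such as `Description: "Path to a PEM-encoded CA certificate bundle used to verify the OpenStack endpoint's TLS certificate."` and state the precedence with `insecure` in the provider docs. The schema map starts outside the hunk, so I cannot see whether sibling entries carry descriptions; if they do not, a short comment above the entry serves the same purpose.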